Zorp Pro 2.0, post-installation
Hi, all. I've just installed Zorp Pro 2.0 for the first time, and I have two questions. First, is there a more current "Getting Started" pdf (English version) than the one on the balabit.com website? That one describes ZUI, which as far as I can tell has been deprecated in 2.0 in favor of ZMC, right? Second, I'm having trouble connecting to my freshly-installed firewall using ZMC (running on my Windows 98 laptop, since my CDROM appears to contain only the Windows and Debian versions of ZMC) -- I get the error "Can't resolve address," even though I've got both an A-record and a PTR-record for my firewall in my local LAN's DNS. I'm trying to connect to the firewall's internal interface on TCP 1310 (also tried TCP 1314; same error). If the answer to question #1 is "yes," the second question may not be so important. :-) Thanks, Mick Bauer /-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/ /-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
By changing the OUTPUT default policy on my firewall to ACCEPT, I was able to connect from my ZMS client (actually I could've achieved the same thing by leaving it at DROP but by inserting an "accept established" rule in the OUTPUT chain, right? And shouldn't that be the default?). But immediately after successful authentication, I received the error "Request: missing or invalid type", and my ZMS client quit. Thoughts? Thanks, Mick Bauer /-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
Hi, all.
I've just installed Zorp Pro 2.0 for the first time, and I have two questions.
First, is there a more current "Getting Started" pdf (English version) than the one on the balabit.com website? That one describes ZUI, which as far as I can tell has been deprecated in 2.0 in favor of ZMC, right?
Second, I'm having trouble connecting to my freshly-installed firewall using ZMC (running on my Windows 98 laptop, since my CDROM appears to contain only the Windows and Debian versions of ZMC) -- I get the error "Can't resolve address," even though I've got both an A-record and a PTR-record for my firewall in my local LAN's DNS. I'm trying to connect to the firewall's internal interface on TCP 1310 (also tried TCP 1314; same error).
If the answer to question #1 is "yes," the second question may not be so important. :-)
Thanks, Mick Bauer
/-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
/-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
_______________________________________________ zorp mailing list zorp@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/zorp
On Tue, 2003-12-02 at 04:33, Michael D. (Mick) Bauer wrote:
By changing the OUTPUT default policy on my firewall to ACCEPT, I was able to connect from my ZMS client (actually I could've achieved the same thing by leaving it at DROP but by inserting an "accept established" rule in the OUTPUT chain, right? And shouldn't that be the default?).
Yes, it should be the default. (also by default we don't use DROP rule on OUTPUT chain)
But immediately after successful authentication, I received the error "Request: missing or invalid type", and my ZMS client quit.
It seems like you use zms-engine from the 2.0 series. Zms client for windows is not available from the 2.0 series, but from the 2.1. These are incompatible, so you have to upgrade your zms-engine to 2.1. The upgrade is available from the apt.balabit.hu apt-source, but it require username/password. BTW: can you tell me the version of your installation CD? You can check it by booting from it, and pressing F9 on the bootscreen, or mount it on a working machine and view the file /cdrom/isolinux/version.scr. MCS
How odd. My installation CDROM is for Zorp Pro 2.0, but that CDROM is where I got the Windows ZMS client! My version.scr file says: - Zorp version: 2.0.5-1 - Libzorp version: 2.0.26.20-1 - ZMS version: 2.0.3-1 - Kernel version: 2.4.20-zorpos-up_7.3 - Installer version: 20030806-592 I've sent email to info@balabit.hu asking for access to apt-source, so I can upgrade to 2.1. Thanks for your prompt replies! Mick
On Tue, 2003-12-02 at 04:33, Michael D. (Mick) Bauer wrote:
By changing the OUTPUT default policy on my firewall to ACCEPT, I was able to connect from my ZMS client (actually I could've achieved the same thing by leaving it at DROP but by inserting an "accept established" rule in the OUTPUT chain, right? And shouldn't that be the default?).
Yes, it should be the default. (also by default we don't use DROP rule on OUTPUT chain)
But immediately after successful authentication, I received the error "Request: missing or invalid type", and my ZMS client quit.
It seems like you use zms-engine from the 2.0 series. Zms client for windows is not available from the 2.0 series, but from the 2.1. These are incompatible, so you have to upgrade your zms-engine to 2.1. The upgrade is available from the apt.balabit.hu apt-source, but it require username/password.
BTW: can you tell me the version of your installation CD? You can check it by booting from it, and pressing F9 on the bootscreen, or mount it on a working machine and view the file /cdrom/isolinux/version.scr.
MCS
_______________________________________________ zorp mailing list zorp@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/zorp
/-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
Hi, Major. Bazsi just gave me a username & password for the apt-source site. What should my new sources.list entry look like? (Pardon the newbie question, but I don't use Debian often.) Thanks, Mick
On Tue, 2003-12-02 at 04:33, Michael D. (Mick) Bauer wrote:
By changing the OUTPUT default policy on my firewall to ACCEPT, I was able to connect from my ZMS client (actually I could've achieved the same thing by leaving it at DROP but by inserting an "accept established" rule in the OUTPUT chain, right? And shouldn't that be the default?).
Yes, it should be the default. (also by default we don't use DROP rule on OUTPUT chain)
But immediately after successful authentication, I received the error "Request: missing or invalid type", and my ZMS client quit.
It seems like you use zms-engine from the 2.0 series. Zms client for windows is not available from the 2.0 series, but from the 2.1. These are incompatible, so you have to upgrade your zms-engine to 2.1. The upgrade is available from the apt.balabit.hu apt-source, but it require username/password.
BTW: can you tell me the version of your installation CD? You can check it by booting from it, and pressing F9 on the bootscreen, or mount it on a working machine and view the file /cdrom/isolinux/version.scr.
MCS
_______________________________________________ zorp mailing list zorp@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/zorp
/-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
participants (2)
-
Major Csaba
-
Michael D. (Mick) Bauer